----- Original Message -----
From: Craig R. McClanahan <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, December 21, 1999 9:42 PM
Subject: Re: Expiry of session
> Rajendra Mishra wrote:
>
> > Hi Craig,
> > Is this also true for any other cookies which we may write from the
> > servlet? For exp, i have a servlet which writes a cookie. then through
> > another servlet, this cookie is changed. However, this cokie is not
saved in
> > the file till the browser is closed(netscape only). The cookie-values
which
> > are passed to the server are the ones which were saved before the
browser
> > was opened(IE as well as Netscape) and not the new one.
>
> Are you sure your second servlet (the one that changed the cookie) really
did
> send it? To succeed, you would have needed to call response.addCookie()
using
> a cookie with the same name to do this.
I am not sure what function is being used to re-write the cookie (it has
been written by another programmer). I will check it out.
However, I am sure that the cookie-file is being re-written only when the
user closes the browser. I kept the explorer open to see the file timestamp.
When I call the servlet which changes the cookie-file, the file timestamp
does not change. Then, when I call a servlet, the Java console shows me that
the values being passed are the old ones. I close the browser. At this time,
i see that the file timestamp has changed. I reopen the browser and call a
servlet and the changed values are passed now(the cookie file has been
updated now!!). I am beginning to think that the programmer who wrote the
cookie module is not using the correct fn to re-write the cookie.
>
> If you want your cookie (either new or updated) to survive a restart of
the
> browser, you will need to set the maximum age to some positive value in
the
> future. The default maximum age value of -1 tells the browser to delete
this
> cookie when the browser is exited.
>
> >
> > How can we update the cookies so that the new values are passed
without
> > killing the session?
>
> I do not see how anything you do with cookies has any impact on your
sessions,
> as long as you avoid using the cookie name being used by your servlet
engine
> for the session ID cookie (this should be identified in the
documentation).
> User cookies should have different names.
>
I was thinking that in a session, the browser may be not be updating the
cookie file and instead storing it in memory. From the behaviour described
above, i was kinda quite sure that this was what was happening. Now i am not
quite sure. I will check the code and post here again.
Thanks...
Raaj.
> >
> > Raaj.
> >
>
> Craig McClanahan
>
>
> >
> > ----- Original Message -----
> > From: Craig R. McClanahan <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, December 21, 1999 8:30 PM
> > Subject: Re: Expiry of session
> >
> > > Jean Bresse wrote:
> > >
> > > > Hi:
> > > >
> > > > I know that a session can be destroyed by invoking the invalidate()
> > > > method. It can also be destroyed once a certain time has passed,
> > > > usually 30 minutes. The problem is as follow:
> > > >
> > > > 1) User A starts a session, then closes his/her browser.
> > > >
> > > > 2) User B starts the invokes the same browser.
> > > >
> > > > Our environment wants to treat user B as a user with no session (for
> > > > example, the user is prompted to log on, and only THEN a session is
> > > > instantiated). Is there a way for the server to destroy the session
> > > > upon the user closing the browser?
> > > >
> > > > If this is the right way to approach the problem, suggestions for
> > > > solution are most welcome! If any of the above is incorrect, your
input
> > > > is even more appreciated!
> > > >
> > >
> > > Most servlet containers configure their session ID cookies with the
age
> > value
> > > that says "this cookie expires when the browser is closed" for
precisely
> > this
> > > reason. In Java, you do this by calling Cookie.setMaxAge() with a
> > negative
> > > argument. Therefore, as soon as user A closes the browser (or it
crashes
> > on
> > > them :-) and user B starts it, all the session cookies are gone.
> > >
> > > As a side effect (for Netscape at least) this setting causes the
cookie to
> > > never be written out to the cookies.txt file, since there is no reason
to
> > save
> > > it. This reduces the risk of someone being able to snoop your hard
disk,
> > swipe
> > > your session ID, and impersonate you.
> > >
> > > >
> > > > Jean Bresse
> > > >
> > >
> > > Craig McClanahan
> > >
> > >
> >
___________________________________________________________________________
> > > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> > body
> > > of the message "signoff SERVLET-INTEREST".
> > >
> > > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > > Resources:
http://java.sun.com/products/servlet/external-resources.html
> > > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
> > >
> >
> >
___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
